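/*  Part of SWISH

    Author:        Jan Wielemaker
    E-mail:        J.Wielemaker@cs.vu.nl
    WWW:           http://www.swi-prolog.org
    Copyright (C): 2017, VU University Amsterdam
                         CWI Amsterdam
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions
    are met:

    1. Redistributions of source code must retain the above copyright
       notice, this list of conditions and the following disclaimer.

    2. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in
       the documentation and/or other materials provided with the
       distribution.

    THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
    FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
    INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
    BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
    CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
    ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/

:- module(config_auth_google, []).
:- use_module(swish(lib/oauth2)).
:- use_module(swish(lib/plugin/login)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_session)).
:- use_module(library(http/http_json)).
:- use_module(library(http/http_path)).
:- use_module(library(debug)).

/** <module> Enable login with Google

This module configures _login with Google_ (OpenID Connect).  To enable
this module:

  1. Follow these
     [steps](https://developers.google.com/accounts/docs/OpenIDConnect)
     to create a Google project and get

     - A client ID
     - A client secret
     - Register a redirect url.  To test from localhost, this should be
       `http://localhost:3050/oauth2/google/reply`

  2. COPY this file to =config-enabled=

  3. EDIT the following server attributes (near the end of this file)
     - redirect_uri: the location of your swish server.
     - client_id: the client id you obtained from Google.

  4. EXPORT the client secret in the environment of the SWISH process as
     =SWISH_GOOGLE_CLIENT_SECRET=.  The secret is deliberately *not*
     stored in this file: config files are copied around and committed
     to version control, and a leaked client secret allows a third party
     to impersonate this application towards Google.  If a secret has
     ever been written into this file, regenerate it in the Google
     console; the old value must be considered compromised.
*/

:- multifile
    oauth2:login/3,
    oauth2:server_attribute/3,
    swish_config:login_item/2,          % -Server, -HTML_DOM
    swish_config:login/2,               % +Server, +Request
    swish_config:user_info/3.           % +Request, ?Server, -Info

% Do not create a session for every visitor.  A session is opened
% explicitly in oauth2:login/3 once Google has authenticated the user.
:- http_set_session_options([create(noauto)]).

:- http_handler(swish(logout), google_logout, []).

%!  swish_config:login_item(-Server, -Item) is det.
%
%   Provide the "Login with Google" button for the SWISH login dialog.
%   Item is `Priority-HTML`, where the HTML is an image carrying data
%   attributes that are consumed by the SWISH client side (the value
%   `popup` for `data-frame` presumably selects how the OAuth2 flow is
%   opened; see the client code to confirm).

swish_config:login_item(google, 10-Item) :-
    http_absolute_location(icons('social_google_box.png'), Img, []),
    Item = img([ src(Img),
                 class('login-with'),
                 'data-server'(google),
                 'data-frame'(popup),
                 title('Login with Google')
               ]).

%!  swish_config:login(+Server, +Request)
%
%   Start the OAuth2 login sequence against the =google= server declared
%   by oauth2:server_attribute/3.

swish_config:login(google, Request) :-
    oauth2_login(Request, [server(google)]).

%!  oauth2:login(+Request, +ServerID, +TokenInfo)
%
%   Called by the oauth2 library after Google returned a token.  The
%   token claims are mapped to SWISH user info, a session is opened,
%   the token info is stored server-side in that session and the
%   client is told it is logged in.
%
%   Note that `UserInfo.name` raises an existence error if the claim
%   dict has no =name= key; this assumes Google always returns a name
%   for the =profile= scope (TODO: confirm, or fall back gracefully).
%   The debug/3 call logs the user's claims; keep the =oauth= debug
%   topic disabled in production.

oauth2:login(_Request, google, TokenInfo) :-
    token_info_to_user_info(TokenInfo, UserInfo),
    debug(oauth, 'UserInfo: ~p', [UserInfo]),
    http_open_session(_SessionID, []),
    http_session_assert(oauth2(google, TokenInfo)),
    reply_logged_in([ identity_provider('Google'),
                      name(UserInfo.name),
                      user_info(UserInfo)
                    ]).

%!  google_logout(+Request)
%
%   HTTP handler for swish(logout): forget the Google token kept in the
%   session and tell the client it is logged out.  The catch/3 turns
%   any error from http_session_retractall/1 (for example because there
%   is no session) into a no-op, so logging out twice is harmless.

google_logout(_Request) :-
    catch(http_session_retractall(oauth2(_,_)), _, true),
    reply_logged_out([]).

%!  swish_config:user_info(+Request, ?Server, -Info:dict) is semidet.
%
%   True if Info describes the currently logged in user.  Fails if
%   there is no session or the session holds no Google token.

swish_config:user_info(_Request, google, UserInfo) :-
    http_in_session(_SessionID),
    http_session_data(oauth2(google, TokenInfo)),
    token_info_to_user_info(TokenInfo, UserInfo).

%!  token_info_to_user_info(+TokenInfo, -UserInfo:dict) is det.
%
%   Derive the SWISH user info dict from the OAuth2 token info: take
%   the token claims, pass them through map_user_info/2 and add the
%   authentication method, identity provider and the logout URL of
%   this module.

token_info_to_user_info(TokenInfo, UserInfo) :-
    oauth2_claim(TokenInfo, Claim),
    map_user_info(Claim, Claim1),
    http_link_to_id(google_logout, [], LogoutURL),
    UserInfo = Claim1.put(_{ auth_method:oauth2,
                             logout_url:LogoutURL,
                             identity_provider:google
                           }).

%!  map_user_info(+OAuthInfo, -UserInfo) is det.
%
%   Map the claim dict to the SWISH user info dict.  Currently the
%   claim is passed through unchanged (only logged); this is the place
%   to rename keys if SWISH expects e.g.
%   u{user:User, group:Group, name:Name, email:Email}.

map_user_info(Dict, Dict) :-
    debug(oauth, 'Got: ~p', [Dict]).

%!  oauth2:server_attribute(?ServerID, ?Attribute, ?Value)
%
%   Declare properties of the Google OpenID Connect provider.  The
%   endpoint URL is taken from
%   https://accounts.google.com/.well-known/openid-configuration.
%   =redirect_uri= and =client_id= are deployment specific and are
%   meant to be edited.  The client secret is read from the
%   environment (see client_secret/1) so that it never ends up in a
%   committed config file.
%
%   @see swish(lib/oauth2) for a description of the attributes.

oauth2:server_attribute(google, url,
                        'https://accounts.google.com').
oauth2:server_attribute(google, redirect_uri,
                        'https://cplint.eu/oauth2/google/reply').
oauth2:server_attribute(google, client_id,
                        '341495177411-qh35i2n5fcki0nujb4hfp0q1s4d35l7l.apps.googleusercontent.com').
oauth2:server_attribute(google, client_secret, Secret) :-
    client_secret(Secret).
oauth2:server_attribute(google, scope,
                        profile).

%!  client_secret(-Secret) is semidet.
%
%   Read the Google client secret from the environment variable
%   =SWISH_GOOGLE_CLIENT_SECRET=.  If the variable is not set, print a
%   warning and fail, so the oauth2 library sees a missing attribute
%   rather than silently using an empty secret.

client_secret(Secret) :-
    (   getenv('SWISH_GOOGLE_CLIENT_SECRET', Secret)
    ->  true
    ;   print_message(warning,
                      format("Google login: environment variable ~w is not set",
                             ['SWISH_GOOGLE_CLIENT_SECRET'])),
        fail
    ).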